Extras

OutlineMessage circulating on Facebook warns users not to click on a link to a game related to Twilight the Movie "Breaking Dawn" because it has been reported by Facebook and CNN as the worst virus ever.

Brief Analysis
Although this message alludes to a real security threat that has recently targeted Facebook users, it is nevertheless quite misleading and inaccurate. The threat discussed in the warning was a typical rogue application survey scam, not the "worst virus ever". In fact, it was not a virus at all, nor was it reported as such by either CNN or Facebook.

WARNING: this was on CNN this morning. do not click on a link that says it is a game for Twilight the Movie, "BREAKING DAWN" it will have a picture and everything. this is not associated with FB. FB says this is the worst virus ever!!! PLEASE REPOST!!!

Detailed Analysis
According to yet another breathless warning rocketing recklessly around Facebook, CNN reported "this morning" on a virus linked to the popular "Twilight Saga" movies. The message claims that the threat has been identified as the "worst virus ever" by Facebook and asks that users repost the information to warn others.

The message is apparently derived from earlier warnings about a real security threat that has recently targeted Twilight fans on Facebook. However, this threat was a rogue application survey scam, not the "worst virus ever". Far from being the "worst virus ever", it was not actually a virus at all. Nor was it reported as the worst virus ever by either CNN or Facebook as claimed in the warning message. Thus, although there was a real threat that used "Twilight" to entice victims, this garbled and inaccurate message is not a valid warning about this threat.

Survey scammers have recently used Facebook's photo tagging function to trick Twilight fans into clicking links to what they believed was a game based on the Twilight Breaking Dawn" movie. In fact, the links opened a rogue Facebook application, not a virus. If installed, this application spammed out further messages promoting itself via the user's Facebook account. And the rogue app claimed that, before being allowed to play the game, users were required to verify their identity by participating in one or more "surveys". Clicking the survey links took users to third party spam survey sites that tried to fool them into signing up for absurdly expensive SMS "services", providing personal information via bogus competition entry forms or downloading spyware hidden in "free" games, toolbars or other applications. Those responsible for this survey scam received a commission whenever a person filled in a survey or an application form, or provided their mobile phone number.

The specific rogue application discussed here has apparently been removed from Facebook, but other versions that use "Twlight" as a lure may well follow. This survey scam was very similar to hundreds of other such scams that are currently targeting Facebook users.

Unfortunately, the person who created this warning about the Twilight game threat, has not only misidentified the threat as a virus, but has also based the message on a long running series of inane and pointless virus hoaxes that have circulated in various forms for at least a decade. All variants falsely claim that the supposed virus has been reported on CNN. All variants also falsely claim that a particular entity such as Microsoft or McAfee have declared the virus as the worst or most destructive ever.

Although users can certainly help prevent people from falling victim to online scams by letting others know about such threats, it is important that the information they pass on is accurate and up-to-date. Reposting false or misleading security warnings is likely to do more harm than good. For example, some users may go ahead and install the rogue application because they have concluded, not unreasonably, that the app is not related to the terrible "virus" discussed in the warning. And, because of the breathless, "over-the-top" style used in such messages, many users may dismiss them as outright hoaxes, thereby making themselves more vulnerable to the real threats. Moreover, as is likely to be true in this case, such garbled warnings are apt to continue circulating for months or even years after the actual threat they lamely attempt to describe has disappeared.